Metric | Value
---|---
CVSS v2 base score | 5.0 (Medium)
CVSS v2 vector | AV:N/AC:L/Au:N/C:P/I:N/A:N
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | NONE
Availability Impact | NONE
EPSS score | 0.003 (Low)
EPSS percentile | 67.1%
JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise
Application Platform. It provides a single deployment platform for the
JavaServer Pages (JSP) and Java Servlet technologies.
It was found that sending a request without a session identifier to a
protected resource could bypass the Cross-Site Request Forgery (CSRF)
prevention filter in JBoss Web: the filter validates the request's CSRF nonce
against a cache held in the session, and a request carrying no session
identifier had no cache to be checked against, so it was passed through
instead of rejected. A remote attacker could use this flaw to perform CSRF
attacks against applications that rely on the CSRF prevention filter and do
not contain internal mitigation for CSRF. (CVE-2012-4431)
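The decision logic behind the bypass described above, as an added illustration written for this page and not JBoss Web or Apache Tomcat source. The vulnerable function keeps the nonce check conditional on a session-bound nonce cache being present, the fixed function treats the absence of a session as a failed check. The Request/Session model, the parameter name `csrf_nonce`, and the sample traffic in `demo()` are this example's own assumptions.

```python
"""Decision logic of a session-bound CSRF nonce filter, in its vulnerable and
fixed shapes. Added illustration for this page, not JBoss Web or Apache Tomcat
source; the Request/Session model, NONCE_PARAM and the function names are
assumptions of this example."""
from dataclasses import dataclass, field
from typing import Optional, Set

NONCE_PARAM = "csrf_nonce"   # assumed name of the request parameter carrying the nonce


@dataclass
class Session:
    """The server-side session a request may (or may not) be bound to."""
    nonce_cache: Set[str] = field(default_factory=set)   # nonces issued to this session


@dataclass
class Request:
    method: str
    path: str
    params: dict
    session: Optional[Session] = None   # None: the request carried no session identifier


def nonce_check_vulnerable(req: Request) -> bool:
    """Vulnerable shape. The nonce is compared against the cache only when the
    request is bound to a session that has one. A request without a session
    identifier yields no cache, so the comparison is skipped and the request
    reaches the protected resource. True means 'let it through'."""
    cache = req.session.nonce_cache if req.session is not None else None
    nonce = req.params.get(NONCE_PARAM)
    if cache is not None and nonce not in cache:
        return False          # 403
    return True


def nonce_check_fixed(req: Request) -> bool:
    """Fixed shape. A protected request must present a nonce that is in its
    session's cache; no session, no nonce, or a nonce not in the cache all
    mean 403. 'Nothing to check against' is now a rejection, not a pass."""
    cache = req.session.nonce_cache if req.session is not None else None
    nonce = req.params.get(NONCE_PARAM)
    if cache is None or nonce is None or nonce not in cache:
        return False
    return True


def evaluate(req: Request) -> dict:
    """Run both shapes of the check on one request."""
    return {"vulnerable": nonce_check_vulnerable(req), "fixed": nonce_check_fixed(req)}


def demo() -> dict:
    """Constructed sample traffic: a legitimate request carrying an issued
    nonce, the same action with a wrong nonce, and the same action sent
    without any session identifier."""
    sess = Session(nonce_cache={"3f9c1a"})
    legit = Request("POST", "/app/transfer", {NONCE_PARAM: "3f9c1a", "to": "bob"}, sess)
    wrong_nonce = Request("POST", "/app/transfer", {NONCE_PARAM: "000000", "to": "mallory"}, sess)
    no_session = Request("POST", "/app/transfer", {"to": "mallory"}, None)
    return {
        "legit": evaluate(legit),
        "wrong_nonce": evaluate(wrong_nonce),
        "no_session": evaluate(no_session),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12s} vulnerable={result['vulnerable']!s:5} fixed={result['fixed']}")
```

The only input the two shapes disagree on is the session-less request: the vulnerable check lets it through while the fixed one returns 403. Applications that authenticate by a mechanism other than the container session are the ones where such a request can still reach a protected resource, which is why the advisory scopes the impact to applications with no CSRF mitigation of their own.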
Multiple weaknesses were found in the JBoss Web DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
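The advisory does not spell out the three DIGEST weaknesses, so the following is an added, stand-alone illustration of the replay countermeasure that DIGEST authentication is supposed to provide (RFC 2617 with qop=auth), not JBoss Web's implementation and not a reproduction of the CVEs. The server records each nonce it issued with the highest nonce count (nc) it has accepted, rejects stale nonces, and only advances the count after the credentials have verified. The realm, the user table, the nonce lifetime and the sample traffic are constructed for this example.

```python
"""Replay countermeasure of HTTP Digest authentication (RFC 2617, qop=auth).
Added illustration for this page; not JBoss Web's implementation. REALM,
NONCE_LIFETIME_S, USERS and the requests in demo() are constructed here."""
import hashlib
import hmac
import secrets
import time

REALM = "example-realm"        # assumed realm
NONCE_LIFETIME_S = 300         # assumed validity window for a server nonce


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def ha1(user: str, password: str) -> str:
    """HA1 = MD5(user:realm:password); the server stores this, not the password."""
    return md5hex(f"{user}:{REALM}:{password}")


def digest_response(h1: str, method: str, uri: str, nonce: str, nc: str, cnonce: str) -> str:
    """Client-side response = MD5(HA1:nonce:nc:cnonce:qop:HA2) with qop=auth."""
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{h1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


# Constructed sample credential store: username -> HA1
USERS = {"alice": ha1("alice", "correct horse battery staple")}


class DigestVerifier:
    """Tracks every nonce it issued together with the highest nc accepted for
    it, so a captured Authorization header cannot be accepted a second time."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be exercised offline
        self._nonces = {}        # nonce -> [issued_at, highest nc accepted]

    def issue_nonce(self) -> str:
        nonce = secrets.token_hex(16)
        self._nonces[nonce] = [self._now(), 0]
        return nonce

    def verify(self, method, uri, user, nonce, nc, cnonce, response):
        """Return (accepted, reason). Nonce bookkeeping is checked first, then
        the credentials; the nc is advanced only after both pass."""
        entry = self._nonces.get(nonce)
        if entry is None:
            return False, "unknown nonce"          # never issued, or already evicted
        issued_at, highest_nc = entry
        if self._now() - issued_at > NONCE_LIFETIME_S:
            del self._nonces[nonce]
            return False, "stale nonce"            # client must obtain a fresh nonce
        count = int(nc, 16)
        if count <= highest_nc:
            return False, "replayed nonce count"   # this (nonce, nc) pair was already used
        h1 = USERS.get(user)
        if h1 is None:
            return False, "unknown user"
        expected = digest_response(h1, method, uri, nonce, nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return False, "bad credentials"
        entry[1] = count
        return True, "ok"


def demo():
    """A legitimate request, the same header replayed, and a fresh nc."""
    v = DigestVerifier()
    n = v.issue_nonce()
    h1 = ha1("alice", "correct horse battery staple")
    first = digest_response(h1, "GET", "/app/secure", n, "00000001", "c1")
    second = digest_response(h1, "GET", "/app/secure", n, "00000002", "c2")
    return (
        v.verify("GET", "/app/secure", "alice", n, "00000001", "c1", first),
        v.verify("GET", "/app/secure", "alice", n, "00000001", "c1", first),   # replay
        v.verify("GET", "/app/secure", "alice", n, "00000002", "c2", second),
    )


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

Two details carry the replay protection: the state is keyed on the server's own nonce and the nc it has accepted (a client-chosen value alone is not a replay record, since the attacker controls what is captured), and the nc is not advanced on a failed credential check, so an attacker cannot burn counts for a legitimate client. Either of these dropped, or stale nonces still accepted, is the kind of weakening that lets a sniffed header be reused.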
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation and deployed applications.
All users of JBoss Enterprise Application Platform 6.0.1 on Red Hat
Enterprise Linux 5 and 6 are advised to upgrade to these updated packages.
The JBoss server process must be restarted for the update to take effect.
OS | OS version | Architecture | Package | Affected versions | Fixed package |
---|---|---|---|---|---|
RedHat | 5 | src | jbossweb | < 7.0.17-4.Final_redhat_3.ep6.el5 | jbossweb-7.0.17-4.Final_redhat_3.ep6.el5.src.rpm |
RedHat | 5 | noarch | jbossweb | < 7.0.17-4.Final_redhat_3.ep6.el5 | jbossweb-7.0.17-4.Final_redhat_3.ep6.el5.noarch.rpm |
RedHat | 5 | noarch | jbossweb-lib | < 7.0.17-4.Final_redhat_3.ep6.el5 | jbossweb-lib-7.0.17-4.Final_redhat_3.ep6.el5.noarch.rpm |
RedHat | 6 | src | jbossweb | < 7.0.17-4.Final_redhat_3.ep6.el6 | jbossweb-7.0.17-4.Final_redhat_3.ep6.el6.src.rpm |
RedHat | 6 | noarch | jbossweb | < 7.0.17-4.Final_redhat_3.ep6.el6 | jbossweb-7.0.17-4.Final_redhat_3.ep6.el6.noarch.rpm |
RedHat | 6 | noarch | jbossweb-lib | < 7.0.17-4.Final_redhat_3.ep6.el6 | jbossweb-lib-7.0.17-4.Final_redhat_3.ep6.el6.noarch.rpm |